From 5e2eab6f32bc76918aa17791b688d1df27d6ddfc Mon Sep 17 00:00:00 2001 From: realtradam Date: Sat, 20 Jul 2024 00:51:37 -0400 Subject: code cleanup --- .../java/com/blog/web/security/SecurityConfig.java | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) (limited to 'src/main/java/com/blog/web/security/SecurityConfig.java') diff --git a/src/main/java/com/blog/web/security/SecurityConfig.java b/src/main/java/com/blog/web/security/SecurityConfig.java index b459224..17e09c7 100644 --- a/src/main/java/com/blog/web/security/SecurityConfig.java +++ b/src/main/java/com/blog/web/security/SecurityConfig.java @@ -28,24 +28,7 @@ public class SecurityConfig { @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { // disabling csrf leaves us vulnerable, in a real production app do not do this - http.csrf(c -> c.disable()) - .cors(c -> c.disable()) - .authorizeHttpRequests( auths -> auths - .anyRequest() - .permitAll() - ) - .formLogin(form -> form - .loginPage("/userlogin") - .usernameParameter("username") - .passwordParameter("password") - .defaultSuccessUrl("/articles") - .loginProcessingUrl("/userlogin") - .failureUrl("/userlogin?error=true") - .permitAll() - ).logout( - logout -> logout - .logoutUrl("/logout") - .logoutSuccessUrl("/articles")); + http.csrf(c -> c.disable()).cors(c -> c.disable()).authorizeHttpRequests(auths -> auths.anyRequest().permitAll()).formLogin(form -> form.loginPage("/userlogin").usernameParameter("username").passwordParameter("password").defaultSuccessUrl("/articles").loginProcessingUrl("/userlogin").failureUrl("/userlogin?error=true").permitAll()).logout(logout -> logout.logoutUrl("/logout").logoutSuccessUrl("/articles")); return http.build(); } -- cgit v1.2.3